Merge pull request #11761 from overleaf/jpa-access-check-noise-metric

[web] optionally run access check on old compile domain GitOrigin-RevId: 02fba931726cdfe1dad763e73e6306b041ce8ea5
2024-11-21 20:47:08 -05:00 · 2023-02-14 08:15:03 +00:00 · 2023-02-14 08:15:03 +00:00 · 9eff0140a9
commit 9eff0140a9
parent e525c4c58d
4 changed files with 36 additions and 11 deletions
--- a/services/web/app/src/Features/Project/ProjectController.js
+++ b/services/web/app/src/Features/Project/ProjectController.js
@ -1066,6 +1066,17 @@ const ProjectController = {
            }
          )
        },
+        accessCheckForOldCompileDomainAssigment(cb) {
+          SplitTestHandler.getAssignment(
+            req,
+            res,
+            'access-check-for-old-compile-domain',
+            () => {
+              // We'll pick up the assignment from the res.locals assignment.
+              cb()
+            }
+          )
+        },
        userContentDomainAccessCheckAssigment(cb) {
          SplitTestHandler.getAssignment(
            req,
--- a/services/web/app/src/Features/UserContentDomainCheck/UserContentDomainController.js
+++ b/services/web/app/src/Features/UserContentDomainCheck/UserContentDomainController.js
@ -1,11 +1,14 @@
 const Metrics = require('@overleaf/metrics')

 function recordCheckResult(req, res) {
+  const path = req.body.isOldDomain ? 'old' : ''
  Metrics.count('user_content_domain_check', req.body.succeeded, 1, {
    status: 'success',
+    path,
  })
  Metrics.count('user_content_domain_check', req.body.failed, 1, {
    status: 'failure',
+    path,
  })
  res.sendStatus(204)
 }
--- a/services/web/app/src/router.js
+++ b/services/web/app/src/router.js
@ -206,7 +206,7 @@ const rateLimiters = {
  userContentDomainAccessCheckResult: new RateLimiter(
    'user-content-domain-a-c-r',
    {
-      points: 15,
+      points: 30,
      duration: 60,
    }
  ),
@ -1348,6 +1348,7 @@ function initialize(webRouter, privateApiRouter, publicApiRouter) {
      body: Joi.object({
        failed: Joi.number().min(0).max(6),
        succeeded: Joi.number().min(0).max(6),
+        isOldDomain: Joi.boolean().default(false),
      }),
    }),
    RateLimiterMiddleware.rateLimit(
--- a/services/web/frontend/js/features/user-content-domain-access-check/index.ts
+++ b/services/web/frontend/js/features/user-content-domain-access-check/index.ts
@ -126,7 +126,9 @@ async function singleCheck(
  }
 }

-export async function checkUserContentDomainAccess() {
+export async function checkUserContentDomainAccess(
+  compileDomainOrigin: string
+) {
  // Note: The ids are zero prefixed. No actual user/project uses these ids.
  // mongo-id 000000000000000000000000 -> 1970-01-01T00:00:00.000Z
  // mongo-id 000000010000000000000000 -> 1970-01-01T00:00:01.000Z
@ -141,16 +143,12 @@ export async function checkUserContentDomainAccess() {
  if (getMeta('ol-user_id')) {
    // Logged-in user
    urls.push(
-      `${getMeta(
-        'ol-compilesUserContentDomain'
-      )}/zone/${zone}/project/${projectId}/user/${userId}/build/${buildId}/output/output.pdf`
+      `${compileDomainOrigin}/zone/${zone}/project/${projectId}/user/${userId}/build/${buildId}/output/output.pdf`
    )
  } else {
    // Anonymous user
    urls.push(
-      `${getMeta(
-        'ol-compilesUserContentDomain'
-      )}/zone/${zone}/project/${projectId}/build/${buildId}/output/output.pdf`
+      `${compileDomainOrigin}/zone/${zone}/project/${projectId}/build/${buildId}/output/output.pdf`
    )
  }

@ -216,7 +214,9 @@ export async function checkUserContentDomainAccess() {
        if (
          isSplitTestEnabled('report-user-content-domain-access-check-error')
        ) {
-          captureException(err)
+          captureException(err, {
+            tags: { compileDomain: new URL(compileDomainOrigin).hostname },
+          })
        } else {
          console.error(OError.getFullStack(err), OError.getFullInfo(err))
        }
@ -227,7 +227,12 @@ export async function checkUserContentDomainAccess() {

  try {
    await postJSON('/record-user-content-domain-access-check-result', {
-      body: { failed, succeeded: cases.length - failed },
+      body: {
+        failed,
+        succeeded: cases.length - failed,
+        isOldDomain:
+          compileDomainOrigin === getMeta('ol-compilesUserContentDomain'),
+      },
    })
  } catch (e) {}

@ -282,7 +287,12 @@ export function scheduleUserContentDomainAccessCheck() {
      recordMaxAccessChecksHit()
    }
    if (remainingChecks-- <= 0) return
-    checkUserContentDomainAccess()
+    if (isSplitTestEnabled('access-check-for-old-compile-domain')) {
+      checkUserContentDomainAccess(getMeta('ol-fallbackCompileDomain')).catch(
+        () => {}
+      )
+    }
+    checkUserContentDomainAccess(getMeta('ol-compilesUserContentDomain'))
      .then(ok => {
        accessCheckPassed = ok
      })